Privacy Protection Query Language PQL and System Thereof

ABSTRACT

The invention discloses privacy protection query language PQL and system thereof, comprising PQL statement and system, the system comprises parsing module, query module and noise-injection module; the parsing module comprises lexical analyzer and syntactic analyzer; user inputs PQL statement according to predetermined semantic and syntactic rules, after parsing module receives the PQL statement, lexical analyzer performs error checks on the PQL statement, correct results are sent to syntactic analyzer; the syntactic analyzer performs grammatical and semantic checks on PQL statement, generates a mapping table and a parameter table with correct results; after receiving mapping table, the query module encapsulates the same into SQL statement, and verifies the encapsulated SQL statement; the noise-injection module obtains final query results of the query module, calculates noise injection sensitivity according to parameter table; the invention ensures the data privacy security and satisfies that the injected noise does not affect data availability.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to the field of data security, in particular to a privacy protection query language PQL and a system thereof.

2. Description of the Related Art

In today's network environment, sharing aggregate data is an important way of data reuse, however, due to the high correlation between data, aggregated data is at risk of leaking privacy. Therefore, how to protect the privacy and security of aggregated data has become a major challenge for data sharing.

The differential privacy protection algorithm interferes the calculation results with noise and at the same time guarantees certain data availability, thereby becoming the main privacy protection method in the prior art.

However, because the differential privacy algorithm is too complex to use, and the balance between noise interference and data availability is too professional, the algorithm cannot be directly applied to the database query results, which increases the learning cost of the staff and the cost of writing differential privacy programs.

Therefore, a privacy protection query language PQL and a system thereof has become an urgent problem to be solved.

SUMMARY OF THE INVENTION

The technical problems to be solved by the invention are that the aggregated data in the prior art has the risk of leakage of privacy, also the differential privacy algorithm is too complicated to be directly applied to the database query results, and the algorithm increases the learning cost of the staff and the cost of writing differential privacy programs.

In order to solve above technical problems, the invention provides the following technical schemes: a privacy protection query language PQL and a system thereof, comprising PQL statement and system;

the PQL statement comprises: PROTECT clause, PICK clause, WITH clause, WITHRANGE clause, GLOBAL clause, and WHERE clause;

the system comprises a parsing module, a query module and a noise-injection module;

the parsing module comprises a lexical analyzer and a syntactic analyzer;

the user inputs the PQL statement according to predetermined semantic and syntactic rules and sends the same to the parsing module, after the parsing module receives the PQL statement, the PQL statement is checked for errors through the lexical analyzer, correct results are sent to the syntactic analyzer, otherwise, incorrect contents are pointed out;

the syntactic analyzer performs grammatical and semantic checks on the PQL statement, generates a mapping table and a parameter table with the correct results and sends to the query module and the noise-injection module respectively, otherwise, incorrect contents are pointed out;

after receiving the mapping table, the query module encapsulates the same into an SQL statement, and verifies the encapsulated SQL statement, the SQL statement is connected to the database for query, and final query results are sent to the noise-injection module;

the noise-injection module obtains the final query results of the query module, calculates noise injection sensitivity according to the parameter table, and substitutes real query results, sensitivity, and privacy budget into underlying differential privacy algorithm function for noise injection, and thereafter the results after noise injection are returned.

Further, the PROTECT clause and the PICK clause are first required clauses;

the WITH clause and the WITHRANGE clause are second required clauses;

the GLOBAL clause and the WHERE clause are optional clauses.

Further, the PQL statement also comprises aggregate functions comprising Avg[ ], Total[ ], Highest[ ], Lowest[ ] and Compute[ ];

wherein

the Avg[ ] is sequence average value function;

the Total[ ] is sequence sum total function;

the Highest[ ] is sequence maximum value function;

the Lowest[ ] is sequence minimum value function;

the Compute[ ] is sequence line number function.

Further, the method for the query module to verify the encapsulated SQL statement is as follows:

Step 1: determining whether there is a WHERE clause, if yes, dividing the WHERE clause into first part and second part, if no, the entire SQL statement is the first part;

Step 2: extracting the name of data table and field name of sequence in the first part to perform validity verification respectively, and if the second part exists after the verification is successful, performing verification on the second part;

Step 3: verifying the field name, operator of sequence and field data type of actual sequence in the second part.

Further, the calculation process of noise injection sensitivity is as follows:

Step 1: determining whether the query function is a sequence function according to the parameter table, if yes, the sensitivity is a fixed value of 1, and the sensitivity is returned, if no, taking next step;

Step 2: determining whether there is a global clause according to the parameter table, if yes, ignoring the WHERE clause and using all data in the corresponding sequence field as sensitivity basis, if no, using the data filtered by the WHERE clause conditions as the sensitivity basis;

Step 3: calculating corresponding sensitivity according to the different query functions and sensitivity basis in the parameter table, and returning the sensitivity to the next step.

Further, the mapping table comprises query data table name, query function, query sequence field name and WHERE clause.

Further, the parameter table comprises query function, global clause, WHERE clause and privacy budget.

Compared to the prior art, the invention has the following advantageous effects: the invention guarantees the security of shared data through the cooperation of PQL statements and the system, and simultaneously satisfies that the injected noise does not affect the usability of data; the invention reduces the learning cost of differential privacy to a large extent, also, reduces the difficulty degree of writing differential privacy programs; moreover, the invention has a reasonable design and is worthy of vigorous promotion.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart showing the privacy protection query language PQL and system thereof;

FIG. 2 is a flowchart showing the parsing module parsing PQL statement in the invention;

FIG. 3 is a flowchart showing the query module querying data in the invention;

FIG. 4 is a flowchart showing the noise-injection module injecting noise to query result in the invention;

FIG. 5 shows clause rules of predetermined semantic and syntactic rules of the PQL statement in the invention;

FIG. 6 shows function rules of predetermined semantic and syntactic rules of the PQL statement in the invention;

FIG. 7 is a flowchart showing verification on encapsulated SQL statement in the invention;

FIG. 8 is a flowchart showing the calculation of noise-injection sensitivity in the invention;

FIG. 9 shows specific format of the mapping table in the invention;

FIG. 10 shows specific format of the parameter table in the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The invention will be further described in detail below with reference to accompanying drawings.

The invention is described in detail by combining FIG. 1-10.

The concept related in the invention: PQL is the abbreviation of Protection Query Language, the parsing module encapsulates PQL statement with predetermined semantic and syntactic rules into corresponding SQL statement, after querying database, the differential privacy algorithm is combined to inject noise to the query results, which can effectively solve the problem of shared data privacy leakage to protect the query language.

In specific embodiment, the invention provides a privacy protection query language PQL and a system thereof, comprising PQL statement and system;

the PQL statement comprises: PROTECT clause, PICK clause, WITH clause, WITHRANGE clause, GLOBAL clause, and WHERE clause;

the system comprises a parsing module, a query module and a noise-injection module;

the parsing module comprises a lexical analyzer and a syntactic analyzer;

the user inputs the PQL statement according to predetermined semantic and syntactic rules and sends the same to the parsing module, after the parsing module receives the PQL statement, the PQL statement is checked for errors through the lexical analyzer, correct results are sent to the syntactic analyzer, otherwise, incorrect contents are pointed out;

the syntactic analyzer performs grammatical and semantic checks on the PQL statement, generates a mapping table and a parameter table with the correct results, and sends to the query module and the noise-injection module respectively, otherwise, incorrect contents are pointed out;

after receiving the mapping table, the query module encapsulates the same into an SQL statement, and verifies the encapsulated SQL statement, the SQL statement is connected to the database for query, and final query results are sent to the noise-injection module;

the noise-injection module obtains the final query results of the query module, calculates noise injection sensitivity according to the parameter table, and substitutes real query results, sensitivity, and privacy budget into underlying differential privacy algorithm function for noise injection, and then the results after noise injection are returned.

the PROTECT clause and the PICK clause are first required clauses;

the WITH clause and the WITHRANGE clause are second required clauses;

the GLOBAL clause and the WHERE clause are optional clauses.

the PQL statement also comprises aggregate functions comprising Avg[ ], Total[ ], Highest[ ], Lowest[ ] and Compute[ ];

wherein:

the Avg[ ] is sequence average value function;

the Total[ ] is sequence sum total function;

the Highest[ ] is sequence maximum value function;

the Lowest[ ] is sequence minimum value function;

the Compute[ ] is sequence line number function.

The method for the query module to verify the encapsulated SQL statement is as follows:

Step 1: determining whether there is a WHERE clause, if yes, dividing the WHERE clause into first part and second part, if no, the entire SQL statement is the first part;

Step 2: extracting the name of data table and field name of sequence in the first part to perform validity verification respectively, and if the second part exists after the verification is successful, performing verification on the second part;

Step 3: verifying the field name, operator of sequence and field data type of actual sequence in the second part.

The calculation process of noise injection sensitivity is as follows:

Step 1: determining whether the query function is a sequence line number function according to the parameter table, if yes, the sensitivity is a fixed value of 1, and the sensitivity is returned, if no, taking next step;

Step 2: determining whether there is a global clause according to the parameter table, if yes, ignoring the WHERE clause and using all data in the corresponding sequence field as sensitivity basis, if no, using the data filtered by the WHERE clause conditions as the sensitivity basis;

Step 3: calculating corresponding sensitivity according to the different query functions and sensitivity basis in the parameter table, and returning the sensitivity to the next step.

The mapping table comprises query data table name, query function, query sequence field name and WHERE clause.

The parameter table comprises query function, global clause, WHERE clause and privacy budget.

The specific implementation process of the privacy protection query language PQL and system thereof in the invention is as follows:

as shown in FIG. 1, the system comprises a parsing module, a query module and a noise-injection module; the parsing module comprises a lexical analyzer and a syntactic analyzer;

after the user inputs the PQL query statement, the lexical analyzer in the parsing module performs error check, after the check, the syntactic analyzer performs grammatical and semantic checks to generate a mapping table and a parameter table, and sends them to the query module and the noise-injection module respectively; thereafter, the query module encapsulates the mapping table into an SQL statement, the SQL statement is connected to the database for data query, and final query results are sent to the noise-injection module; finally, the noise-injection module injects noise into the query results according to the parameter table and returns the same for business needs.

As shown in FIG. 2, the process of parsing PQL statements by the parsing module is as follows:

(1) user inputs the PQL statement according to predetermined semantic and syntactic rules and sends the same to the parsing module;

(2) after the parsing module receives the PQL statement, the PQL statement is checked for errors through the lexical analyzer, correct results are sent to the syntactic analyzer, otherwise, incorrect contents are pointed out;

(3) the syntactic analyzer performs grammatical and semantic checks on the PQL statement, incorrect contents are pointed out, otherwise, a mapping table and a parameter table with the correct results are generated and sent to the query module and the noise-injection module respectively;

As shown in FIG. 3, the process of data query of the query module is as follows:

(1) after receiving the mapping table, the query module encapsulates the same into an SQL statement;

(2) verifies the encapsulated SQL statement;

(3) SQL statement is connected to the database for query;

(4) final query results are sent to the noise-injection module;

As shown in FIG. 4, the process of injecting noise to query result by the noise-injection module is as follows:

(1) obtains the final query results of the query module;

(2) calculates noise injection sensitivity according to the parameter table;

(3) substitutes real query results, sensitivity, and privacy budget into underlying differential privacy algorithm function for noise injection;

(4) the results after noise injection are returned.

As shown in FIG. 5, the clause rules of predetermined semantic and syntactic rules of the PQL statement are as follows:

(1) the PQL statement comprises PROTECT clause, PICK clause, WITH clause, WITHRANGE clause, GLOBAL clause, and WHERE clause;

(2) the PROTECT clause and the PICK clause are first required clauses, the WITH clause and the WITHRANGE clause are second required clauses, the GLOBAL clause and the WHERE clause are optional clauses;

(3) the PROTECT clause specifies query table name, the PICK clause specifies query function name, the WITH clause specifies privacy budget, the WITHRANGE clause specifies range of privacy budget, the GLOBAL clause specifies whether sensitivity is globally calculated and the WHERE clause specifies query conditions.

As shown in FIG. 6, function rules of predetermined semantic and syntactic rules of the PQL statement are as follows:

(1) the PQL statement comprises aggregate functions comprising Avg[ ], Total[ ], Highest[ ], Lowest[ ] and Compute[ ];

(2) the Avg[ ] is sequence average value function, the Total[ ] is sequence sum total function, the Highest[ ] is sequence maximum value function, the Lowest[ ] is sequence minimum value function, the Compute[ ] is sequence line number function;

(3) the content of [ ] in a function is the sequence field name, and only one sequence field is supported;

(4) the sequence field name in the Compute[ ] of the PQL statement must be represented by *.

As shown in FIG. 7, the process of verification on encapsulated SQL statement is as follows:

(1) the SQL statement is divided into first part and second part by the WHERE clause, if there is no WHERE clause, there is no need to divide, and the entire SQL statement is the first part;

(2) extracting the name of data table and field name of sequence in the first part to perform validity verification respectively, if the verification is unsuccessful, the error contents are pointed out to the user, and if the second part exists after the verification is successful, performing verification on the second part;

(3) if there is a second part, verifying the field name, operator of sequence and field data type of actual sequence in the second part, if the verification is unsuccessful, the error contents are pointed out to the user, and if the verification is successful, proceeding to the next step;

As shown in FIG. 8, the calculation process of the noise injection sensitivity is as follows:

(1) determining whether the query function is a sequence line number function according to the parameter table, if yes, the sensitivity is a fixed value of 1, and the sensitivity is returned, if no, taking next step;

(2) determining whether there is a global clause according to the parameter table, if yes, ignoring the WHERE clause and using all data in the corresponding sequence field as sensitivity basis, if no, using the data filtered by the WHERE clause conditions as the sensitivity basis;

(3) calculating corresponding sensitivity according to the different query functions and sensitivity basis in the parameter table, and returning the sensitivity to the next step.

As shown in FIG. 9-10, the specific format of the mapping table and parameter table is as follows:

(1) mapping table: query data table name, query function, query sequence field name and WHERE clause;

(2) parameter table: query function, global clause, WHERE clause and privacy budget.

The embodiments are described below:

PQL syntax comprises two parts, one is basic syntax clause, which refers to various statistical query functions supported by PQL; the other is the parameter setting syntax clause of the differential privacy protection algorithm, which refers to the corresponding privacy budget and sensitivity parameters chosen by data analyst according to the wanted degree of privacy protection;

the complete PQL syntax is shown below:

PROTECT protect_table|name

PICK pick_fun|column

WITH with_specific ε

[OR WITHRANGE(X,Y) withrange(x,y)_range of ε]

[Global global_global sensitivity+[WHERE where_condition]]

[WHERE where_condition]

wherein [ ] refers to optional clause.

The operators and functions supported by PQL are shown in Table 1:

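TABLE 1

| Type | Instruction | Description |
|---|---|---|
| operator | = | equal to |
| operator | < | less than |
| operator | > | greater than |
| operator | <= | less than or equal to |
| operator | >= | greater than or equal to |
| operator | != | unequal to |
| operator | and | and |
| operator | or | or |
| function | Total [column_name] | sum total |
| function | Highest [column_name] | maximum |
| function | Lowest [column_name] | minimum |
| function | Count [*] | line number |
| function | Avg [column_name] | average |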

Main components of the PQL syntax are shown below:

(1) PROTECT Clause

Serving the same function as the table name contained in the SELECT clause in the SQL statement, each PROTECT clause in the PQL query language must contain a noise-injection table name (protect_table|name), as shown in embodiment 1: HCV patient data table for a certain period:

Embodiment 1: Protect HCV;

(2) PICK Clause

Each PICK clause must select a statistical query function according to the selected field, such as sum total and average function in Table 1, for example embodiment 2: average hospitalization expense in a certain period of time:

Embodiment 2: Protect expenses Pick Avg [total];

(3) WITH or WITHRANGE Clause

Each WITH clause requires the user to enter a specific privacy budget value from the range (0,1); each WITHRANGE clause requires the user to enter a specific privacy budget range from the range (0,1); in the specific operation process, the user can select one of the WITH clause and WITHRANGE clause, which indicates the size of the privacy budget ε that the user wants to add to the query result; as shown in embodiment 3 and embodiment 4: average body mass index of HCV patients:

Embodiment 3: Protect HCV Pick Avg [BMI] With 0.6;

Embodiment 4: Protect HCV Pick Avg [BMI] Withrange(0.4,0.7);

(4) WHERE clause and Global clause

The WHERE clause is an optional clause that indicates the conditions attached when querying the table, and is generally used with the Global clause. The Global clause represents the global sensitivity in differential privacy, after the user selects the Global clause, PQL calculates the sensitivity based on all records to inject noise using the differential privacy protection algorithm. As shown in embodiment 5 and embodiment 6: average hospitalization expenses for a hospital with more than 10 days of hospitalization:

Embodiment 5: Protect expenses Pick Avg [total] With 0.8 Where day>10;

Embodiment 6: Protect expenses Pick Avg [total] With 0.8 Global Where day>10;
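The parsing and FIG. 7 verification steps described above, sketched as an added example that is not code from the patent: `parse_pql`, `verify_and_build`, the regular expressions and the constructed `expenses` rows are assumptions, and SQLite stands in for the unnamed database. Identifiers are checked against the live schema and WHERE values are bound as parameters, so nothing from the PQL text is spliced into the SQL unverified.

```python
import re
import sqlite3

# Added illustration; parse_pql, verify_and_build and the rows below are
# hypothetical, and SQLite stands in for the patent's unnamed database.
SQL_FUNCS = {"avg": "AVG", "total": "SUM", "highest": "MAX",
             "lowest": "MIN", "compute": "COUNT"}

PQL_RE = re.compile(r"""^\s*protect\s+(?P<table>\w+)
    \s+pick\s+(?P<func>\w+)\s*\[\s*(?P<column>\*|\w+)\s*\]
    \s+(?:with\s+(?P<eps>\d*\.?\d+)
       |withrange\s*\(\s*(?P<lo>\d*\.?\d+)\s*,\s*(?P<hi>\d*\.?\d+)\s*\))
    (?P<glob>\s+global)?
    (?:\s+where\s+(?P<where>.+?))?
    \s*;?\s*$""", re.IGNORECASE | re.VERBOSE)
COND_RE = re.compile(r"^\s*(\w+)\s*(<=|>=|!=|=|<|>)\s*(\S+)\s*$")


def parse_pql(stmt):
    """Check a PQL statement and return (mapping table, parameter table)."""
    m = PQL_RE.match(stmt)
    if not m:
        raise ValueError("PQL syntax error")
    func = m["func"].lower()
    if func not in SQL_FUNCS:
        raise ValueError(f"unknown function {m['func']}[]")
    if (func == "compute") != (m["column"] == "*"):
        raise ValueError("Compute[] takes *, every other function a field name")
    budget = (float(m["eps"]),) if m["eps"] else (float(m["lo"]), float(m["hi"]))
    if not all(0 < b < 1 for b in budget) or list(budget) != sorted(budget):
        raise ValueError("privacy budget must lie in (0,1)")
    mapping = {"table": m["table"], "function": func,
               "column": m["column"], "where": m["where"]}
    params = {"function": func, "global": m["glob"] is not None,
              "where": m["where"], "budget": budget}
    return mapping, params


def verify_and_build(conn, mapping):
    """FIG. 7 checks, then a parameterised SQL statement: returns (sql, args)."""
    # First part: table name and sequence field name must exist in the schema.
    tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    table, col = mapping["table"], mapping["column"]
    if table not in tables:
        raise ValueError(f"unknown table {table!r}")
    # The name is now known to come from the schema, so quoting it is safe.
    cols = {r[1]: r[2].upper()
            for r in conn.execute(f'PRAGMA table_info("{table}")')}
    if col != "*" and col not in cols:
        raise ValueError(f"unknown field {col!r}")
    target = "*" if col == "*" else f'"{col}"'
    sql = f'SELECT {SQL_FUNCS[mapping["function"]]}({target}) FROM "{table}"'
    if not mapping["where"]:
        return sql, []
    # Second part: field name, operator and value type of every condition.
    clauses, args = [], []
    parts = re.split(r"\s+(and|or)\s+", mapping["where"], flags=re.IGNORECASE)
    for i, part in enumerate(parts):
        if i % 2:                      # odd slots hold the and/or connective
            clauses.append(part.upper())
            continue
        c = COND_RE.match(part)
        if not c or c[1] not in cols:
            raise ValueError(f"invalid condition {part!r}")
        field, op, raw = c.groups()
        if cols[field] in ("INTEGER", "REAL"):
            try:
                value = float(raw)
            except ValueError:
                raise ValueError(f"{field} needs a numeric value") from None
        else:
            value = raw.strip("'\"")
        clauses.append(f'"{field}" {op} ?')   # value is bound, never spliced
        args.append(value)
    return sql + " WHERE " + " ".join(clauses), args


def demo():
    """Run Embodiment 6 against a constructed 'expenses' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE expenses (total REAL, day INTEGER)")
    conn.executemany("INSERT INTO expenses VALUES (?, ?)",
                     [(1200.0, 12), (800.0, 5), (2000.0, 20)])  # constructed
    mapping, params = parse_pql(
        "Protect expenses Pick Avg [total] With 0.8 Global Where day>10;")
    sql, args = verify_and_build(conn, mapping)
    return sql, args, conn.execute(sql, args).fetchone()[0], params


if __name__ == "__main__":
    print(demo())
```
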

(5) Sensitivity Calculation

In the process of injecting noise to the original data, the noise-injection module uses the Laplace mechanism to disturb the original data, and the injected noise is: λ=Δf/ε, wherein λ refers to amount of injected noise, ε refers to privacy budget, Δf refers to sensitivity, the privacy budget requires the user to use the WITH or WITHRANGE clause to define according to own needs, the sensitivity will be automatically matched according to the different functions used by the user, the calculation methods for different functions are as follows:

1) Compute[ ] sequence line number function: according to the definition of Laplace mechanism, counting statistical sensitivity is a fixed value of 1, that is Δf=1;

2) Total[ ] sequence sum total function: according to the definition of Laplace mechanism, sum statistical sensitivity is the absolute value of the maximum value in the query sequence, that is $\Delta f = |N_{Max}|$;

3) Highest[ ] sequence maximum value function: according to the definition of Laplace mechanism, maximum statistical sensitivity is the absolute value of the maximum value minus the sub-maximum value in the query sequence, that is $\Delta f = |N_{Max} - N_{Sub\text{-}Max}|$;

4) Lowest[ ] sequence minimum value function: according to the definition of Laplace mechanism, minimum statistical sensitivity is the absolute value of the minimum value minus the sub-minimum value in the query sequence, that is $\Delta f = |N_{Min} - N_{Sub\text{-}Min}|$;

5) Avg[ ] sequence average value function: according to the definition of Laplace mechanism, the calculation process of average statistical sensitivity is as follows:

a. calculating the average value of query sequence Avg₁;

b. obtaining the maximum value Max and the minimum value Min in the query sequence;

c. obtaining the maximum difference c₁=|Avg₁−Min|, obtaining the minimum difference c₂=|Max−Avg₁|;

d. obtaining the sum total Sum and sequence line number Count of the query sequence;

e. if c₁−c₂>0, the maximum difference D=Min, if c₁−c₂≤0, the maximum difference D=Max;

f. obtaining the average value after deleting the maximum difference

$\mathrm{Avg}_2 = \frac{\mathrm{Sum} - D}{\mathrm{Count} - 1}$;

g. sensitivity Δf=|Avg₂−Avg₁|.

As shown in Table 2, there are some student scores of a school:

TABLE 2

| Student No. | Name | Total score |
|---|---|---|
| 20180012315 | Student 1 | 468 |
| 20180012316 | Student 2 | 454 |
| 20180012317 | Student 3 | 493 |
| 20180012318 | Student 4 | 479 |
| 20180012319 | Student 5 | 488 |
| 20180012320 | Student 6 | 426 |
| 20180012321 | Student 7 | 447 |
| 20180012322 | Student 8 | 482 |
| 20180012323 | Student 9 | 467 |
| 20180012324 | Student 10 | 475 |

The sensitivity in different query functions is calculated as follows:

1) querying the number of students with a score of 450 or above by using the Compute[ ] sequence line number function, and the sensitivity is a fixed value of 1, that is Δf=1;

2) querying the sum of scores by using the Total[ ] sequence sum total function, the sensitivity is the absolute value of the maximum value in the query sequence, that is Δf=493;

3) querying the highest score by using the Highest[ ] sequence maximum value function, and the sensitivity is the absolute value of the maximum value minus the sub-maximum value in the query sequence, that is Δf=|493−488|, that is Δf=5;

4) querying the lowest score by using the Lowest[ ] sequence minimum value function, and the sensitivity is the absolute value of the minimum value minus the sub-minimum value in the query sequence, that is Δf=|426−447|, that is Δf=21;

5) querying the average score by using the Avg[ ] sequence average value function, the calculation of the sensitivity is as follows:

a. calculating the average value of query sequence Avg₁=467.9;

b. obtaining the maximum value and the minimum value in the query sequence, Max=493, Min=426;

c. obtaining the maximum difference c₁=|467.9−426|, c₁=41.9, the minimum difference c₂=|493−467.9|, c₂=25.1;

d. obtaining the sum total Sum=4679 and sequence line number Count=10 of the sequence;

e. because c₁−c₂=41.9−25.1>0, the maximum difference D=Min, that is D=426;

f. the average value after deleting the maximum difference

$\mathrm{Avg}_2 = \frac{\mathrm{Sum} - D}{\mathrm{Count} - 1} = \frac{4679 - 426}{10 - 1} = 472.55$;

g. sensitivity Δf=|Avg₂−Avg₁|=|472.55−467.9|=4.65, that is Δf=4.65.
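The sensitivity rules and the FIG. 8 flow, carried through in code on the Table 2 scores and followed by Laplace noise of scale λ=Δf/ε; this is an added example, not code from the patent, and `sensitivity`, `pql_sensitivity`, `laplace_release` and the single-column predicate are assumptions made for illustration.

```python
import random

# Total scores copied from the page's Table 2.
SCORES = [468, 454, 493, 479, 488, 426, 447, 482, 467, 475]


def sensitivity(func, basis):
    """Δf for one PQL function over the sensitivity basis (a list of numbers)."""
    func = func.lower()
    if func == "compute":                 # row count: fixed value of 1
        return 1.0
    if len(basis) < 2:
        # Highest/Lowest need a runner-up and Avg divides by Count - 1.
        raise ValueError("sensitivity basis needs at least two values")
    ordered = sorted(basis)
    lo, hi = ordered[0], ordered[-1]
    if func == "total":                   # |N_Max|
        return float(abs(hi))
    if func == "highest":                 # |N_Max - N_Sub-Max|
        return float(abs(hi - ordered[-2]))
    if func == "lowest":                  # |N_Min - N_Sub-Min|
        return float(abs(lo - ordered[1]))
    if func == "avg":                     # steps a to g of the Avg[] rule
        total, count = sum(basis), len(basis)
        avg1 = total / count
        c1, c2 = abs(avg1 - lo), abs(hi - avg1)
        d = lo if c1 - c2 > 0 else hi     # value farthest from the average
        avg2 = (total - d) / (count - 1)
        return abs(avg2 - avg1)
    raise ValueError(f"unknown function {func!r}")


def pql_sensitivity(params, column, predicate=None):
    """FIG. 8: choose the sensitivity basis, then apply the function's rule.

    params is a parameter table with 'function' and 'global' keys; predicate
    is a hypothetical stand-in for the WHERE clause, applied to the queried
    field itself to keep the example to one column.
    """
    if params["function"].lower() == "compute":      # step 1
        return 1.0
    if params.get("global") or predicate is None:    # step 2: all data
        basis = list(column)
    else:                                            # step 2: filtered data
        basis = [v for v in column if predicate(v)]
    return sensitivity(params["function"], basis)    # step 3


def laplace_release(true_value, delta_f, epsilon, rng=None):
    """Return true_value plus Laplace noise with scale λ = Δf / ε."""
    if not 0 < epsilon < 1:
        raise ValueError("the page takes the privacy budget from (0,1)")
    # OS entropy by default; a seeded generator is only for repeatable tests.
    rng = rng or random.SystemRandom()
    scale = delta_f / epsilon
    # The difference of two unit exponentials is a standard Laplace variate.
    return true_value + scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


if __name__ == "__main__":
    for name in ("Compute", "Total", "Highest", "Lowest", "Avg"):
        print(name, round(sensitivity(name, SCORES), 4))
    avg = sum(SCORES) / len(SCORES)
    print(laplace_release(avg, sensitivity("Avg", SCORES), 0.8))
```

Every Δf here is computed from the stored values, so the noise scale itself varies with individual records; the Laplace mechanism in reference [1] defines Δf as the largest change over all neighbouring datasets, independent of the data held.
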

The invention encapsulates the PQL statements of predetermined semantic and syntactic rules into corresponding SQL statements through the parsing module, after querying database, the differential privacy algorithm is combined to inject noise to the query results, which not only can effectively solve the problem of shared data privacy leakage, but also greatly reduces the difficulty of using algorithms in differential privacy.

The invention and the embodiments thereof are described above, and the description is not restrictive, and the actual structure is not limited thereto. In short, any structural methods and embodiments similar to the invention designed by those skilled in the art inspired by the invention, without departing the spirit of the invention and without any creative design, should be included in the protection scope of the invention.

The literature referenced by the Laplace mechanism is as follows:

[1] Cynthia Dwork, Aaron Roth. The Algorithmic Foundations of Differential Privacy [M]. Now Publishers Inc. 2014: 30-37.

[2] Phan N H, Wu X, Hu H, et al. Adaptive Laplace Mechanism: Differential Privacy Preservation in Deep Learning [J]. arXiv, 2017: 386-387.

1. Privacy protection query language PQL and system thereof, comprising PQL statement and system, the PQL statement comprises: PROTECT clause, PICK clause, WITH clause, WITHRANGE clause, GLOBAL clause, and WHERE clause; the system comprises a parsing module, a query module and a noise-injection module; the parsing module comprises a lexical analyzer and a syntactic analyzer; the user inputs the PQL statement according to predetermined semantic and syntactic rules and sends the same to the parsing module, after the parsing module receives the PQL statement, the PQL statement is checked for errors through the lexical analyzer, correct results are sent to the syntactic analyzer, otherwise, incorrect contents are pointed out; the syntactic analyzer performs grammatical and semantic checks on the PQL statement, generates a mapping table and a parameter table with the correct results, and sends to the query module and the noise-injection module respectively, otherwise, incorrect contents are pointed out; after receiving the mapping table, the query module encapsulates the same into an SQL statement, and verifies the encapsulated SQL statement, the SQL statement is connected to the database for query, and final query results are sent to the noise-injection module; the noise-injection module obtains the final query results of the query module, calculates noise injection sensitivity according to the parameter table, and substitutes real query results, sensitivity, and privacy budget into underlying differential privacy algorithm function for noise injection, and then the results after noise injection are returned.

2. The privacy protection query language PQL and system thereof of claim 1, wherein the PROTECT clause and the PICK clause are first required clauses; the WITH clause and the WITHRANGE clause are second required clauses; the GLOBAL clause and the WHERE clause are optional clauses.

3. The privacy protection query language PQL and system thereof of claim 1, wherein the PQL statement also comprises: aggregate functions comprising Avg[ ], Total[ ], Highest[ ], Lowest[ ] and Compute[ ]; wherein: the Avg[ ] is sequence average value function; the Total[ ] is sequence sum total function; the Highest[ ] is sequence maximum value function; the Lowest[ ] is sequence minimum value function; the Compute[ ] is sequence line number function.

4. The privacy protection query language PQL and system thereof of claim 1, wherein: the method for the query module to verify the encapsulated SQL statement is as follows: Step 1: determining whether there is a WHERE clause, if yes, dividing the WHERE clause into first part and second part, if no, the entire SQL statement is the first part; Step 2: extracting the name of data table and field name of sequence in the first part to perform validity verification respectively, and if the second part exists after the verification is successful, performing verification on the second part; Step 3: verifying the field name, operator of sequence and field data type of actual sequence in the second part.

5. The privacy protection query language PQL and system thereof of claim 1, wherein: the calculation process of noise injection sensitivity is as follows: Step 1: determining whether the query function is a sequence line number function according to the parameter table, if yes, the sensitivity is a fixed value of 1, and the sensitivity is returned, if no, taking next step; Step 2: determining whether there is a global clause according to the parameter table, if yes, ignoring the WHERE clause and using all data in the corresponding sequence field as sensitivity basis, if no, using the data filtered by the WHERE clause conditions as the sensitivity basis; Step 3: calculating corresponding sensitivity according to the different query functions and sensitivity basis in the parameter table, and returning the sensitivity to the next step.

6. The privacy protection query language PQL and system thereof of claim 1, wherein the mapping table comprises query data table name, query function, query sequence field name and WHERE clause.

7. The privacy protection query language PQL and system thereof of claim 1, wherein the parameter table comprises query function, global clause, WHERE clause and privacy budget.